None, general question before implementing and changing our NS
What is the current SSL/TLS setting?
Full (strict)
What are the steps to reproduce the issue?
We need to be able to access one of our subdomains only if the client has the certificate.
If I understand correctly, it seems to be possible if we put Encryption mode at “Full” for this hostname only, but we want to be sure that will work and is the proper way of doing it before changing our NS to Cloudflare. The rest of the domain would be set at Full (strict).
Another option seems to be to use Client Certificates, but we have the Pro plan only and we would like to keep our own. By the documentation we would need the Enterprise plan to do this.
We are not using Client Certificates with Cloudflare, but we already have some installed on our users' devices to access our server. If possible we would want to keep using our own server certificate, yes.
We want Cloudflare to only allow traffic to a hostname if the clients have our certificate.
We might just disable it like you said in the end if we can’t go with Enterprise for the custom certificate.
Yes, I read about it, but the issue is that we need Enterprise to bring our own CA Certificate.
Would it be possible to create a Cloudflare client certificate only for our subdomain and then deploy it?
If we can, we might move on from our own certificate and go with the mTLS.